Autonomous AI-powered security scanning platform
This platform is provided for educational and authorized security testing purposes only.
- Only test applications for which you have explicit, written authorization
- AI output may contain inaccuracies, false positives, or false negatives
- It is not a substitute for professional security auditing
- The creators assume no liability for misuse or damage
Always verify findings manually.
BugTraceAI is an open-source, self-hosted framework for bug bounty hunting and penetration testing. It combines autonomous AI agents with real security tools to discover, analyze, exploit, and validate vulnerabilities independently.
This is NOT a wrapper around existing tools. It is an autonomous multi-agent system where AI agents make intelligent decisions about what to test, how to mutate payloads, and when findings are real.
| Principle | Description |
|---|---|
| Privacy-First | Everything runs locally. No telemetry, no tracking, no cloud dependency |
| Opensource | AGPL-3.0 licensed. All code, prompts, and algorithms are public |
| Self-Hosted | Your data stays on your infrastructure |
| Modular | Use components independently or together |
| Docker-Native | One-command deployment via Launcher |
BugTraceAI is composed of 3 independent but interconnected components:
| Component | Description | Tech Stack | Repository |
|---|---|---|---|
| BugTraceAI-CLI | Autonomous AI security scanner. Multi-agent pipeline with Go fuzzers, Playwright browser validation, and AI-driven analysis | Python + FastAPI + Go + Playwright | BugTraceAI-CLI |
| BugTraceAI-WEB | Web dashboard with 20+ AI security tools, real-time scan monitoring, and CLI control center | React + Express + PostgreSQL | BugTraceAI-WEB |
| BugTraceAI-Launcher | One-command Docker deployment wizard with interactive setup and service management | Bash + Docker Compose | BugTraceAI-Launcher |
| MCP Ecosystem | Extensible agent framework using the Model Context Protocol. Includes integrated Kali Linux and ReconFTW agents | MCP + Docker + Python | reconftw-mcp |
Each component works independently. Use the WEB alone for AI analysis, the CLI alone for autonomous scanning, or deploy everything together with the Launcher.
```text
+----------------------------+
|       BugTraceAI-WEB       |
|  React + Express + PgSQL   |
|   Port 6869 / Port 3001    |
+-------------+--------------+
              |
    REST API + WebSocket
              |
+-------------+-----------------+
|        BugTraceAI-CLI         |
|  FastAPI + SQLite + LanceDB   |
|           Port 8000           |
+---+--------+-------------+----+
    |        |             |
+---+---+ +--+-------+ +---+-------+
|Go     | |Playwright| |AI Agents  |
|Fuzzers| |Browser   | |OpenRouter |
+-------+ +----------+ +-----------+
```
SQLite is the source of truth for all scan data. PostgreSQL is local to each WEB instance for chats, settings, and analysis. They work autonomously OR together -- multiple WEB instances can connect to one CLI over the network.
For detailed architecture documentation, see the Wiki.
The CLI runs a 6-phase autonomous pipeline:
| Phase | Name | Description |
|---|---|---|
| 1 | Discovery | Crawl and spider the target to map the attack surface |
| 2 | Analysis | Multi-persona AI analysis with consensus voting |
| 3 | Consolidation | Deduplicate findings and distribute to specialist queues |
| 4 | Exploitation | 14 specialist agents (XSS, SQLi, SSRF, IDOR, LFI, RCE, XXE, JWT, Open Redirect, Prototype Pollution, CSTI, Mass Assignment, Header Injection, BAC Detection) with Go fuzzers and AI-mutated payloads |
| 5 | Validation | Chrome DevTools Protocol + Vision AI screenshot analysis confirms findings |
| 6 | Reporting | PoC enrichment with WET/DRY traceability, AI-generated technical and executive reports |
The pipeline includes a circuit breaker that auto-pauses scanning when the target becomes unresponsive, and supports authenticated scanning with pre-configured tokens or automatic login flows.
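The auto-pause behaviour described above is a classic circuit breaker applied to scan traffic. The following is an added example written for this page, not BugTraceAI's own implementation: the `CircuitBreaker`, `ScanPaused` and `simulate_scan` names, the failure threshold and cooldown values, and the simulated target that times out seven times before recovering are all assumptions. It shows the three states (closed, open, half-open), how a single probe request is let through after the cooldown, and how a scanner loop would sleep out the pause instead of hammering an unresponsive host.

```python
"""Illustrative circuit breaker for a scanner loop (added example, not BugTraceAI code)."""
import time
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class State(Enum):
    CLOSED = "closed"          # target healthy, requests flow normally
    OPEN = "open"              # target unresponsive, scanning paused
    HALF_OPEN = "half_open"    # cooldown elapsed, exactly one probe allowed


class ScanPaused(Exception):
    """Raised when the breaker refuses to send a request."""


@dataclass
class CircuitBreaker:
    failure_threshold: int = 5                 # consecutive failures before pausing (assumed value)
    cooldown_seconds: float = 30.0             # pause length before a probe (assumed value)
    clock: Callable[[], float] = time.monotonic  # injectable so the behaviour can be tested offline
    state: State = State.CLOSED
    consecutive_failures: int = 0
    opened_at: Optional[float] = None
    trips: int = 0                             # how many times scanning was paused

    def allow_request(self) -> bool:
        if self.state is State.CLOSED:
            return True
        if self.state is State.OPEN:
            if self.clock() - self.opened_at >= self.cooldown_seconds:
                self.state = State.HALF_OPEN   # let one probe through to test recovery
                return True
            return False
        return True                             # HALF_OPEN: this is the probe

    def record_success(self) -> None:
        self.consecutive_failures = 0
        self.state = State.CLOSED
        self.opened_at = None

    def record_failure(self) -> None:
        self.consecutive_failures += 1
        # A failed probe re-opens immediately; otherwise open once the threshold is hit.
        if self.state is State.HALF_OPEN or self.consecutive_failures >= self.failure_threshold:
            self.state = State.OPEN
            self.opened_at = self.clock()
            self.trips += 1

    def call(self, fn, *args, **kwargs):
        """Send one request through the breaker; timeouts/connection errors count as failures."""
        if not self.allow_request():
            raise ScanPaused("target unresponsive, scanning paused")
        try:
            result = fn(*args, **kwargs)
        except (TimeoutError, ConnectionError):
            self.record_failure()
            raise
        self.record_success()
        return result


class FakeClock:
    """Constructed clock so the simulation runs instantly and deterministically."""
    def __init__(self) -> None:
        self.t = 0.0

    def now(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def simulate_scan(outcomes, failure_threshold=5, cooldown=30.0) -> dict:
    """Drive a scan loop over a constructed target whose per-request outcome is given by `outcomes`
    (True = responds, False = times out). Returns counters describing what the breaker did."""
    clock = FakeClock()
    breaker = CircuitBreaker(failure_threshold, cooldown, clock=clock.now)
    stats = {"sent": 0, "failed": 0, "succeeded": 0, "pauses": 0}

    def target(ok: bool) -> int:
        stats["sent"] += 1
        if not ok:
            raise ConnectionError("simulated timeout")
        return 200

    for ok in outcomes:
        clock.advance(1.0)                      # one second between payloads
        while True:
            try:
                breaker.call(target, ok)
                stats["succeeded"] += 1
                break
            except ScanPaused:
                stats["pauses"] += 1
                clock.advance(cooldown)         # the scanner sleeps out the pause, then retries
            except ConnectionError:
                stats["failed"] += 1
                break

    stats["trips"] = breaker.trips
    stats["final_state"] = breaker.state.value
    return stats


if __name__ == "__main__":
    # Target times out for the first seven requests, then recovers.
    print(simulate_scan([False] * 7 + [True] * 5))
```

With the constructed outcomes the breaker trips after the fifth timeout, re-opens twice more on failed probes, and closes again on the first successful probe, so the recovered target receives the remaining payloads without the scanner ever sending more than one request during a pause. The `trips` counter is the number an operator would want surfaced in scan logs, since a host that keeps tripping the breaker is a signal to stop rather than to keep retrying.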
For the full pipeline documentation, see the Wiki.
Want to see what BugTraceAI produces? Try the live demo or download a real scan report generated against BugStore -- our deliberately vulnerable practice app.
Scan highlights: 145 findings (43 validated) -- SQL Injection, XSS, LFI, CSTI, IDOR, JWT, RCE, Broken Access Control, Open Redirect, Prototype Pollution, GraphQL, SSRF, and more.
The zip includes the full markdown report, validated findings JSON, specialist agent results with WET/DRY traceability, reconnaissance data, and PoC enrichment output.
- Docker 24.0+
- Git
- 4 GB RAM (8 GB recommended)
- 10 GB disk space
- OpenRouter API key
```bash
git clone https://github.com/BugTraceAI/BugTraceAI-Launcher.git ~/bugtraceai-launcher
~/bugtraceai-launcher/launcher.sh
```

The interactive wizard handles deployment mode selection, API key configuration, and port assignment.
| Mode | What You Get | Use Case |
|---|---|---|
| Full Platform | WEB + CLI auto-connected | Complete scanning + dashboard |
| Standalone CLI | Headless scanner + API | CI/CD pipelines, automation |
| Standalone WEB | Dashboard + AI tools | Manual analysis without scanning |
```bash
# CLI only
git clone https://github.com/BugTraceAI/BugTraceAI-CLI.git
cd BugTraceAI-CLI
pip install -r requirements.txt
python -m bugtrace --help
```

```bash
# WEB only
git clone https://github.com/BugTraceAI/BugTraceAI-WEB.git
cd BugTraceAI-WEB
docker compose up
```

Full documentation is available in the Project Wiki:
- Overview -- What BugTraceAI is and who it's for
- Architecture -- System design and communication protocols
- BugTraceAI-CLI -- Autonomous scanner documentation
- BugTraceAI-WEB -- Web dashboard documentation
- BugTraceAI-Launcher -- Deployment guide
- API Reference -- REST API and WebSocket endpoints
- Getting Started -- Installation and first scan
| Resource | Link |
|---|---|
| Website | bugtraceai.com |
| Wiki | GitHub Wiki |
| DeepWiki | AI-powered docs |
| Issues | GitHub Issues |
| Author | @yz9yt |
We welcome contributions: bug reports, feature requests, PRs, documentation improvements, and community tools. Open an issue on the respective repository to get started.
AGPL-3.0 License — Free to use, modify, and distribute. If you modify and distribute or offer as a service, you must share your changes under the same license.
See LICENSE file in each repository.
BugTraceAI -- Build your own self-hosted pentesting platform.
Albert C (@yz9yt)
